👋 Hello and welcome back to Cybersecurity Decrypted, your weekly cybersecurity news recap.
In the headlines this week:
- 💰 The true cost of cyber-crime revealed by the FBI
- 🔐 A new crypto-targeting social engineering scam
- 🌐 Millions raised by AI-first cybersecurity startup
You can listen to a Decrypted briefing every week in your favorite podcast app. Listen here.
Subscribe to Expert Insights Decrypted to get this newsletter in your inbox every week.
🌉 Key Cybersecurity Trends To Watch Ahead Of RSAC 2025
RSAC 2025 kicks off next week, with over 41,000 cybersecurity leaders descending on San Francisco for one of the biggest events in the cyber-calendar.
We asked a few experts for the key themes to watch that really matter for your business. Here’s what they told us:
- 🤖 Agentic AI Is Dominating The Conversation: “We’ve spent the last year watching GenAI mature from a buzzword into a practical force in security operations. RSAC 2025 will spotlight the next evolution—from assistants to agents, and from isolated use cases to integrated defense.” – Chas Clawson, Security Field CTO, Sumo Logic.
- 🔐 Risk Vs. Reward For AI: “At RSAC 2025, I’m looking forward to deeper conversations around how CISOs are navigating the risk-reward equation of AI and pushing for transparency in how these tools are built and secured. This year’s conference promises to facilitate crucial discussions and insights for anyone looking to stay ahead of the evolving CISO role and the scrutiny shaping the future of cybersecurity leadership.” – Patrick Joyce, Global Resident CISO, Proofpoint.
- 👥 Identity is as important as ever: “Look for identity-first security. A major shift that you might have observed recently is the increased attack on identity infrastructure. Protecting these various identities should be right up there on the CISO and CIO agenda. After all, identities aren’t a gateway to your data just for your users, but for your adversaries as well.” – Haider Iqbal, Director of Product Marketing at Thales.
For more insights ahead of the show, read the full article on key trends to look out for here . We’ll have more coverage next week on the big takeaways not to miss.
📰 Headlines
- The FBI has revealed that cyber-crime accounted for over $16 billion USD in losses to business and individuals in 2024. The law enforcement agency received 860,000 complaints last year. 🔗
- The city of Abilene, Texas is recovering from a cyberattack that knocked several systems offline. The attack started on April 18, and the city’s IT department have worked over the Easter weekend to restore services and minimize the impact of the attack. 🔗
📡 Threat Watch
- A new social engineering campaign dubbed ‘Elusive Comet’ is targeting cryptocurrency users, with scammers impersonating a legitimate venture capital firm via websites and podcasts. The con involves asking a victim to be a guest on a fake podcast and then using Zoom’s screen share feature to install infostealer malware. 🔗
- Russian threat actors are targeting Microsoft 365 users with a social engineering scam involving fake video calls designed to generate OAuth codes that enable the hackers to gain access to M365 access tokens. 🔗
- CISA has now issued guidance following reports of an Oracle Cloud breach. They recommend users update passwords, implement MFA, and watch out for phishing attempts. 🔗
- The FBI has warned of a scam involving criminals impersonating FBI agents and offering to “help” people who have lost money to other scammers; before accessing their financial information. The scam often begins with an email, phone call, or message on social media. There have been over 100 reports of this tactic in the last two years. 🔗
- A sophisticated phishing attack was able to successfully impersonate “[email protected]” and pass DKIM authentication by abusing Google’s OAuth setup. The only giveaway was a suspicious URL hosted on Google’s free site builder. 🔗
🚨 Industry News
- Microsoft has launched the “largest cybersecurity engineering project in history,” boosting Microsoft Account and Entra ID security. This involves purging inactive Azure Cloud accounts and inventorying cloud and network assets to prevent nation-state backed breaches. 🔗
- Endor Labs, a software supply chain provider, has announced a $93 million Series B funding round and a major expansion of its application security platform. 🔗
- Digital services giant Infosys has announced it will acquire The Missing Link, an Australian specialist cybersecurity firm. 🔗
- IRONSCALES has launched a new deepfake detection platform designed to help organizations combat the rise of AI-generated phishing attacks. 🔗
- Three AI-startups have announced Series A funding rounds this week. Terra Security, an agentic AI penetration testing platform has raised $8 million USD. Hopper Inc, an open-source cybersecurity risk management platform has raised $7.5 million USD. Kenzo Security, an agentic AI security operations platform, has raised $4.5 million USD.
- Cycode has announced an upgrade to its flagship ASPM platform, including new vulnerability scanning features. 🔗
🌎 Global News
- 2025 is set to be a record year for cybersecurity investments in the Middle East and North Africa, with spending expected to exceed $3 billion USD this year, says Gartner. 🔗
- Japanese regulators have warned that $350 million USD worth of unauthorized trades are taking place on hacked brokerage platforms in Japan, caused by a spike in stolen customer information obtained through phishing websites. 🔗
- The UN has warned that Asia-based organized cyber-crime gangs are beginning to spread operations globally in response to crackdowns by local authorities. The gangs have stolen billions of dollars through illegal schemes, and attacks have now been reported in Africa and South America. 🔗
🔍 Expert Insights: Latest From Us
Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.
- Podcast: Former Chief Digital and AI Officer for the U.S. Department of Defense On What AI Is, And Isn’t
- ThreatLocker Q&A: Macs Are A Target For Hackers – Here’s How To Lock Them Down With Zero Trust
- Q&A: Druva’s Chief Security Officer On Cloud Backup and Data Security Trends
- SaaS Backup & Recovery in 2025: A Deep Dive into Key Stats & Trends
- The Top 8 GenAI Data Security Solutions
That’s all for this week! 👋
How did you find this newsletter? Please send us any feedback to help us improve. Thanks for your support.
Expert Insights’ Cybersecurity Resources
- Top RMM Solutions For MSPs
- Top Mobile Device Management (MDM) Solutions
- Top Email Security Gateways
- Top Email Security Solutions For Office 365
- Top Identity And Access Management Solutions
- Top Phishing Protection Solutions
- Top Phishing Simulation And Testing Solutions
- Top Cyber Threat Intelligence Solutions
